On Thu, 8 Jun 2006, Jeroen Massar wrote: <snip>
In the end, the complete solution to most of these issues will be in the form of S-BGP (http://www.ir.bbn.com/sbgp/) and similar solutions.
And the IETF is fortunately working on this: http://www.ietf.org/html.charters/sidr-charter.html It might take some time still, but it will come one day and then these issues are gone.
At the moment you'll just have to trust your peers and try to get them to implement a sane policy on what kind of announcements they accept or
I'd like to trust my peers not to allow botnets on their networks, and to trust the botnet guys not to just run 10 more. I'd like to trust different networks not to allow spoofing. It ain't happening.

I am happy folks like at RIPE and the IETF are looking at solutions, but sBGP isn't a new idea, and well, how LONG have we been waiting for DNS-SEC now?

Obviously what we all (not me or you) are doing is not working. What worked for us a few years ago, now doesn't work either. There needs to be a strong distinction between what works operationally for individual networks and for the whole Internet.

Gadi.